launchpadblog

As announced in Sunsetting Launchpad mailing lists, we have now shut down the Launchpad mailing lists hosting service.

For backup and archival, we have provided an archive of the public mailing lists at https://archive.lists.launchpad.net. All valid public lists.launchpad.net URLs that existed at the time of the shutdown now redirect to the archive, where the content will remain accessible. If you experience any issues with the archive, please report them by submitting a question or by contacting us on our Matrix channel, #launchpad:ubuntu.com.

We have extended our webhooks capabilities to be able to trigger webhooks on successful and unsuccessful package uploads to Personal Package Archives (PPAs).

When a new source package is uploaded to one of your PPAs, the system can now send an instant webhook notification to an endpoint you control. This will make it easier to build automations around package uploads and binary package builds in your PPAs.

The webhook configuration includes scopes so you can configure to only trigger on successful use cases, or vice versa. Each webhook payload includes essential metadata about the upload – more details in the Webhooks page of our user documentation.

To try it out, you can add a webhook to your archive via the API (API reference), or via the UI by going to “Manage Webhooks” in your archive’s page.

If you have ideas or feedback, reach out to us!

Launchpad Builders do not have direct access to the Internet. To reach external resources, they must acquire an authentication token that allows access to a restricted set of URLs via a proxy. This can either be a custom authenticated builder proxy or the fetch service.

The fetch service is a custom sophisticated context-aware forward proxy. Whereas the builder proxy allows requests to allowlisted URLs, the fetch service also keeps track of requests and dependencies for a build.

Users can now opt-in to use the fetch service while building snaps, charms, rocks and sourcecraft packages. You can read more about the fetch service here.

Why is the fetch service important?

To achieve traceability and reproducibility, artifact dependencies retrieved during a build must be identified. The fetch service mediates network access between the build host and the outside world, examining the request protocol, creating a manifest of the downloaded artifacts, and keeping a copy of the artifacts for archival and metadata extraction for each package build.

How to use the fetch service?

To be able to use the fetch service, users must opt-in. For snaps, charms, rocks and sourcecraft packages, the use_fetch_service flag should be set to true in the API. For snaps and charms, this setting is also available in the Edit Recipe UI page. 

The fetch service can be run in two modes, “strict” and “permissive”, where it defaults to the former. Both modes only allow certain resources and formats, as defined by inspectors which are responsible for inspecting the requests and the various downloads that are made during the build, ensuring that the requests are permitted. 

The “strict” mode errors out if any restrictions are violated. The “permissive” mode works similarly, but only logs a warning when encountering any violations. The mode can be configured using the fetch_service_policy option via the API. For snaps and charms, the mode can also be selected from a dropdown on the Edit Recipe UI page.

When to use the fetch service?

Use the fetch service when you need to keep track of requests and dependencies for a build, e.g., when you need to verify that the artifacts belong to secure, trusted sources.

Launchpad now supports the FIDO2 hardware-backed SSH key types ed25519-sk and ecdsa-sk. These keys use a hardware device, such as a YubiKey or Nitrokey, to perform cryptographic operations and keep your private keys safely off your computer. They can be used anywhere Launchpad accepts SSH authentication, including git+ssh and SFTP PPA uploads.

To generate a new key, run

ssh-keygen -t ed25519-sk -C "your@email.com"

or use ecdsa-sk for backwards compatibility. You will be asked to touch your security key during the key creation, and OpenSSH will store the resulting files in ~/.ssh/. If you want to make your key resident, meaning it can be stored on the hardware device and later retrieved even if the original files are lost, use the -O resident option:

ssh-keygen -t ed25519-sk -O resident -C "your@email.com"

Resident keys are useful if you use multiple machines or if you want a portable login method tied directly to your hardware key. To register a new key on your Launchpad account, visit https://launchpad.net/~username/+editsshkeys.

These new key types offer strong protection against key theft and phishing, but require a physical device each time you connect. It is recommended you keep a separate backup key if you use them regularly.

The introduction of security key backed SSH key types is the next step on making Launchpad even more secure. Let us know if you have any feedback!

As announced earlier this year in our previous blog post: Sunsetting Launchpad’s mailing lists, Launchpad will retire its mailing list feature at the end of October 2025.

We would like to provide an update on the next steps in this process.

Our current plan is to stop accepting and sending emails to Launchpad mailing lists during the week of 13th to 17th October 2025.

If your team is still actively using or relying on Launchpad mailing lists, we recommend following one of the Migration Paths proposed on the previous blog post. If you do not see a clear way forward, please reach out to us to discuss, and see how we can help you:

• Matrix: #launchpad:ubuntu.com
• Email: feedback@launchpad.net

What are code imports?

Launchpad’s code import service allows users to automatically mirror code from external version control systems into Launchpad. Historically, this has supported imports from CVS, Subversion, Bazaar and Git.

As part of this, Launchpad currently also supports imports into Bazaar branches from:

• Concurrent Version System to Bazaar
• Subversion via cvs2svn to Bazaar
• Subversion via bzr-svn to Bazaar

These imports will be deprecated.

Why deprecate these imports?

As announced in Phasing out Bazaar code hosting, Bazaar itself has been deprecated and is no longer actively developed. The last release was in 2016, and usage has steadily declined.

Maintaining imports from these less common version controls to Bazaar requires significant efforts.

To streamline our services and focus resources where they matter most, Launchpad will be retiring the previously mentioned Bazaar-based imports.

Timelines

• September 18th, 2025: No new import configurations for the previously mentioned Bazaar-based imports will be accepted.
  
• October 1st, 2025: All existing CVS to Bazaar and SVN to Bazaar imports (both cvs2svn and bzr-svn) will be shut down. Import jobs will no longer run after this date.
  

Migration paths

If you are currently using these imports, we recommend:

• Migrating the source repository to Git.
• Reconfiguring your Launchpad project to use a Git-based import instead.

Guides and references:

• Migrate a Repository From Bazaar to Git
• General CVS/SVN to Git migration tools (such as git cvsimport, svn2git, or git svn) are widely documented.

Call for action

If you have a project still depending on CVS to Bazaar or SVN to Bazaar imports, and you are unsure how to migrate, please reach out to us.

You can contact us in #launchpad:ubuntu.com on Matrix, or via e-mail at feedback@launchpad.net.

Join the discussion at: https://discourse.ubuntu.com/t/deprecating-cvs-and-subversion-imports/66876

What is Bazaar code hosting?

Bazaar is a distributed revision control system, originally developed by Canonical. It provides similar functionality compared to the now dominant Git.

Bazaar code hosting is an offering from Launchpad to both provide a Bazaar backend for hosting code, but also a web frontend for browsing the code. The frontend is provided by the Loggerhead application on Launchpad.

Sunsetting Bazaar

Bazaar passed its peak a decade ago. Breezy is a fork of Bazaar that has kept a form of Bazaar alive, but the last release of Bazaar was in 2016. Since then the impact has declined, and there are modern replacements like Git.

Just keeping Bazaar running requires a non-trivial amount of development, operations time, and infrastructure resources – all of which could be better used elsewhere.

Launchpad will now begin the process of discontinuing support for Bazaar.

Timelines

We are aware that the migration of the repositories and updating workflows will take some time, that is why we planned sunsetting in two phases.

Phase 1

Loggerhead, the web frontend, which is used to browse the code in a web browser, will be shut down imminently. Analyzing access logs showed that there are hardly any more requests from legit users, but almost the entire traffic comes from scrapers and other abusers. Sunsetting Loggerhead will not affect the ability to pull, push and merge changes.

Phase 2

Updated timeline

From December 11th, 2025 (was September 1st in the first announcement), we do not intend to have Bazaar, the code hosting backend, any more. Users need to migrate all repositories from Bazaar to Git between now and this deadline.

Migration paths

The following blog post describes all the necessary steps on how to convert a Bazaar repository hosted on Launchpad to Git.

Migrate a Repository From Bazaar to Git

Call for action

Our users are extremely important to us. Ubuntu, for instance, has a long history of Bazaar usage, and we will need to work with the Ubuntu Engineering team to find ways to move forward to remove the reliance on the integration with Bazaar for the development of Ubuntu. If you are also using Bazaar and you have a special use case, or you do not see a clear way forward, please reach out to us to discuss your use case and how we can help you.

You can reach us in #launchpad:ubuntu.com on Matrix, or submit a question or send us an e-mail via feedback@launchpad.net.

It is also recommended to join the ongoing discussion at https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189.

What are Launchpad’s mailing lists?

Launchpad’s mailing lists are team-based mailing lists, which means that each team can have one of them. E-mails from Launchpad’s mailing lists contain `lists.launchpad.net ` in their address.

For more information on the topic please see https://documentation.ubuntu.com/launchpad/user/explanation/launchpad-mailing-lists/.

What are they not?

Please note that both lists.canonical.com and lists.ubuntu.com are not managed by Launchpad, but by Canonical Information Systems.

Timeline

Launchpad will no longer offer mailing lists as of the end of October 2025, which aligns with the end of the 25.10 cycle.

Migration paths

Depending on your use case, there are different alternatives available.

For a couple of years now, discourse has become a viable alternative for most scenarios. Launchpad also offers the Answers feature for discussions. If it is not so much about communication, but more about receiving information, e.g. for updates on a bug report, you should be aware that you can also subscribe teams to bugs.

Call for action

We are aware that your use case may be very different from the above listed ones. If you are using Launchpad’s mailing lists today and you do not see a clear way forward, please reach out to us to discuss your use case and how we can help you.

Please contact us on Matrix (#launchpad:ubuntu.com) or drop as a message via feedback@launchpad.net.

Please note that this is still work in progress, and we will provide more information over the upcoming weeks and months.

More than 5 years ago, i386 was dropped as an architecture in Ubuntu. Despite this, i386 has remained selected by default as an architecture to build when creating new PPAs, snap recipes, or OCI recipes.

Today, we have disabled building for i386 by default. From now on, only amd64 will be selected by default when creating new PPAs, snap recipes, or OCI recipes. This change only affects newly created PPAs, snap recipes, or OCI recipes. Existing PPAs and recipes remain unchanged.

It’s worth noting that, although we have disabled building for i386 by default, it’s still possible to select i386 as a target architecture when creating new PPAs, snap recipes, or OCI recipes. In future, we may yet decide to disable this altogether but for now, the ability to target i386 remains.

Because targeting i386 is still possible (but requires intervention to enable), we don’t anticipate that this change will affect users, but if you are affected, please log a bug.

And as always, if you have any feedback, please let us know!

Launchpad and the Open Documentation Academy Live in Málaga

Launchpad is a web-based platform to support collaborative software development for open source projects. It offers a comprehensive suite of tools including bug tracking, code hosting , translation management, and package building

Launchpad is tightly integrated with the Ubuntu ecosystem, serving as a central hub for Ubuntu development and community contributions. Its features are designed to streamline the process of managing, developing, and distributing software in a collaborative environment.

Launchpad aims to foster strong community engagement by providing features that support collaboration, community management, and user participation, positioning itself as a central hub for open source communities.

Canonical’s Open Documentation Academy is a collaboration between Canonical’s documentation team and open source newcomers, experts, and those in-between, to help us all improve documentation, become better writers, and better open source contributors.

A key aim of the project is to set the standard for inclusive and welcoming collaboration while providing real value for both the contributors and the projects involved in the programme.

Join us at OpenSouthCode in Málaga

Launchpad and the Open Documentation Academy will join forces at OpenSouthCode 2025 in the wonderful city of Málaga, Spain, on June 20 – 21 2025.

The Open Documentation Academy will have a hands-on documentation workshop at the conference, where the participants will learn how to do meaningful open source contributions with the help of the Diátaxis documentation framework.

Launchpad’s Jürgen Gmach will be on-site and help you to land your first open source contribution.

Please register at https://www.opensouthcode.org/conferences/opensouthcode2025 – the conference and the workshop are free of charge. If you have any questions, please do not hesitate to reach out to us at feedback@launchpad.net.

Tenemos muchas ganas de conoceros. ¡Nos vemos en Málaga!